{"title":"Backward Edge Pointer Protection Technology Based on Dynamic Instrumentation","authors":"Yiwei Zou, Tao Zhang, Mengyuan Pan, Zongfu Luo","doi":"10.1109/ICCC56324.2022.10065707","DOIUrl":null,"url":null,"abstract":"Buffer overflow is an important security issue. Many countermeasures have been proposed, e.g., DEP, shadow stack. However, existing DEP is facing the problem of being bypassed by attackers through information leakage attacks. To address the shortcomings of current backward edge pointer integrity protection in preventing buffer overflow attacks, this paper proposes a shadow stack based backward edge pointer integrity protection scheme through dynamic instrumentation, and implements a prototype system based on the DynamoRIO framework. Shadow stack mechanism can achieve effective protection for return address integrity by maintaining a one-to-one mapping relationship between the shadow stack and the program stack. Meanwhile, test cases were designed to evaluate the effectiveness, runtime performance and compatibility of the plugin. Experiment results show that the security plugin is compatible with most programs and can run with an average overhead of about 10% to 15%. This is acceptable when comparing to stack shield with 22% overhead.","PeriodicalId":263098,"journal":{"name":"2022 IEEE 8th International Conference on Computer and Communications (ICCC)","volume":"18 11","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 8th International Conference on Computer and Communications (ICCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCC56324.2022.10065707","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Buffer overflow is an important security issue. Many countermeasures have been proposed, e.g., DEP and the shadow stack. However, existing DEP faces the problem of being bypassed by attackers through information leakage attacks. To address the shortcomings of current backward edge pointer integrity protection in preventing buffer overflow attacks, this paper proposes a shadow-stack-based backward edge pointer integrity protection scheme built on dynamic instrumentation, and implements a prototype system based on the DynamoRIO framework. The shadow stack mechanism can achieve effective protection of return address integrity by maintaining a one-to-one mapping between the shadow stack and the program stack. Test cases were designed to evaluate the effectiveness, runtime performance and compatibility of the plugin. Experimental results show that the security plugin is compatible with most programs and can run with an average overhead of about 10% to 15%. This is acceptable when compared to stack shield with 22% overhead.